With the explosion of electronic commerce and digital personal information, facilitated by the rapid growth of the Internet, focus has been placed on the protection of financial and personal data. One element in protecting these data is encryption. Encryption is the process of converting information into a form that is unintelligible except to holders of a specific cryptographic key. Encrypting the information protects it against unauthorized disclosure.
Encryption is accomplished through a cryptographic algorithm. The algorithm is used to “lock” the information at one point and “unlock” it at another. Keys are used to lock and unlock the information. In secret-key, or symmetric-key, encryption, the same key is used to lock and unlock (encrypt and decrypt) the information. In public-key, or asymmetric-key, encryption, a public key is used to encrypt the information and a private key is used to decrypt the information. A key is often a numerical value. The length of the key generally determines the relative security of the key.
Many types of information are protected with encryption. One example is the payment card industry, including credit card data and other financial information. Indeed, the credit card industry has taken great steps to ensure that financial data and transaction data are protected. For example, cardholder data must be encrypted when it is stored or transmitted over a public network. This requirement covers everything from producing the credit cards, including information stored on the magnetic strip or embedded chip on the card, to authenticating and authorizing transactions made with the card. One key piece of data that must be encrypted is a user's personal identification number (PIN).
Financial institutions employ Internet web sites to support customer transactions and account access. A customer can log into the web site and select links to navigate to web pages having content associated with the account. The customer can also complete certain transactions, such as transfers between multiple accounts and bill payments.
Financial institutions also employ interactive voice response (IVR) applications to support customer transactions. Typically, a customer will call a telephone number for the system. An automated system will provide recorded instructions to the user, such as, “for inquiries about a checking account, press 1.” The customer uses the number key pad on a telephone to select menu items and enter alphanumeric data, such as an account number.
However, one option that is not available to customers using an Internet web site or an IVR application is access to a PIN or password associated with an account over a platform that keeps the information secure. Current standards and best practices require that a PIN remain encrypted at all times, except when the PIN is in a hardware security module (“HSM”) or in a PIN mailer that is mailed to the customer when the customer opens an account or requests a new PIN. If a customer forgets a PIN associated with a financial card, such as a credit or debit card, the conventional solution is to generate a new PIN and mail the new PIN to the customer in a PIN mailer. This process is expensive and leaves the card unusable until the new PIN is received by the customer. With the advent of computers and online banking, such delay is unacceptable and frustrating to the customer. This process also leads to confusion, as customers frequently forget that a new PIN has been issued and continue to attempt to use the old PIN, leading to even further administrative expense.
Accordingly, systems and methods are needed to provide customers with quick and secure access to a PIN associated with a financial account. Another need exists for systems and methods for allowing an account holder to quickly set or modify the PIN.